Hi. In this ticket I'd like to request a kerberos keytab for our bot account named 'usercont' in FAS. The 'botness' of the account was already acknowledged by FESCO[1]. The bot has been sponsored to a committers group upon approval by FESCO. The purpose of the account is to be used to automate releasing to fedora of tools our team produces (currently it's just conu[2][3]) and for full automation we need a keytab for usercont@FEDORAPROJECT.ORG in order to push changes and submit builds. The bot will be deployed in internal OpenShift cluster and we have agreed to take full responsibility for what the bot does. Bot's code is publicly available[4].
List of people with access to keytab: jkosciel ttomecek phracek dhodovsk eslobodo
dhodovsk will be the person ultimately responsible for the keytab. I have a GPG key on my FAS account that you can use to encrypt the keytab.
[1] https://pagure.io/fesco/issue/1843 [2] https://github.com/fedora-modularity/conu [3] https://src.fedoraproject.org/rpms/conu [4] https://github.com/kosciCZ/release-bot
internal OpenShift cluster
Do you mean Fedora's openshift or another one?
Note that bot accounts are a special type of account and https://admin.fedoraproject.org/accounts/user/view/usercont is not a bot account
We know about this.
<puiterwijk> You should be able to just register it. We can mark it as a bot, but that'll limit your ability to log into it to make changes, so that's up to you.
After this response we decided to keep it as human account. Our bot is heavily inspired by what cockpit team does with their 'cockpit' account, that is also not marked as a bot, despite it being a bot.
No, by internal I meant Redhat internal (RH open paas)
Is there any action I need to take to make this happen?
Note that if @dhodovsk is going to be responsible, I want them to post a comment saying that they will assume the responsibility, and I'd like them to add a GPG key so I can send it to them.
Metadata Update from @ralph: - Issue tagged with: authentication
Yes, I know of this, thank you! :)
Key: <img alt="dhodovsk_key.asc" src="/fedora-infrastructure/issue/raw/files/ee042f01225c4b5a73f8bc477dee3c9d6cc60a7b5f447aa87cd82952088a2738-dhodovsk_key.asc" />
The keytab has been sent to @dhodovsk.
Metadata Update from @puiterwijk: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.